I want to get a user to RunAs another role (that's an admin role: ROLE_USER_ADMIN) to change the privileges in an object owned by another user.
- Create a Role with an authority 'ROLE_RUN_AS_USERADMIN'
- Enable RunAs in config.groovy
grails.plugin.springsecurity.useRunAs = true
grails.plugin.springsecurity.runAs.key = '*****'
- Give the generated role the authority to change Acl details
grails.plugin.springsecurity.acl.authority.changeAclDetails = 'ROLE_RUN_AS_USERADMIN'
- Annotate the service method that accepts an invitation and sets the domain object privileges to allow access
@PreAuthorize(['ROLE_USER', 'ROLE_RUN_AS_USERADMIN']) //run as ROLE_USER and ROLE_RUN_AS_INVITED_USER
But I still get an error when an access control entry is to be added to the domain object's ACL:
Unable to locate a matching ACE for passed permissions and SID
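
The sketch below is an added example, not code from the post or from the Spring Security plugin: a simplified Groovy model of how Spring Security's `RunAsManagerImpl` decides which method attributes become extra authorities. It assumes the attributes arrive as plain strings (as from an `@Secured` list) and the default `ROLE_` prefix; the closure names and sample values are constructed.

```groovy
// Simplified model of RunAsManagerImpl.buildRunAs(); illustrative names only.
def RUN_AS_MARKER = 'RUN_AS_'   // attribute prefix the manager reacts to
def ROLE_PREFIX   = 'ROLE_'     // default rolePrefix put in front of the new authority

// Returns the authorities of the temporary RunAs token, or null when no
// attribute carries the marker (the caller's Authentication is then unchanged).
def buildRunAs = { List<String> callerAuthorities, List<String> methodAttributes ->
    def marked = methodAttributes.findAll { it != null && it.startsWith(RUN_AS_MARKER) }
    def extra = marked.collect { ROLE_PREFIX + it }
    if (extra.isEmpty()) {
        return null
    }
    return extra + callerAuthorities
}

// Authorities in effect while the secured method body runs.
def effective = { List<String> callerAuthorities, List<String> methodAttributes ->
    buildRunAs(callerAuthorities, methodAttributes) ?: callerAuthorities
}

// Constructed sample data
def caller      = ['ROLE_USER']                           // the invited user
def asPosted    = ['ROLE_USER', 'ROLE_RUN_AS_USERADMIN']  // attribute list from the post
def withMarker  = ['ROLE_USER', 'RUN_AS_USERADMIN']       // marker form, no ROLE_ prefix
def aclRequired = 'ROLE_RUN_AS_USERADMIN'                 // acl.authority.changeAclDetails

// 'ROLE_RUN_AS_USERADMIN' does not start with 'RUN_AS_', so no token is built
assert buildRunAs(caller, asPosted) == null
assert !effective(caller, asPosted).contains(aclRequired)

// 'RUN_AS_USERADMIN' matches and is granted as 'ROLE_RUN_AS_USERADMIN'
assert buildRunAs(caller, withMarker) == ['ROLE_RUN_AS_USERADMIN', 'ROLE_USER']
assert effective(caller, withMarker).contains(aclRequired)

println "as posted   -> ${effective(caller, asPosted)}"
println "with marker -> ${effective(caller, withMarker)}"
```

When checking a configuration like the one above, compare the authority named in `changeAclDetails` with the authorities actually present on the `Authentication` inside the service method, since the ACL check sees only the latter.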